An Improved Differential Fault Attack on Camellia

The S-box lookup is one of the most important operations in cipher algorithm design, and also is the most effective part to prevent traditional linear and differential attacks, however, when the physical implementation of the algorithm is considered, it becomes the weakest part of cryptosystems. This paper studies an active fault based implementation attack on block ciphers with S-box. Firstly, it proposes the basic DFA model and then presents two DFA models for Feistel and SPN structure block ciphers. Secondly, based on the Feistel DFA model, it presents several improved attacks on Camellia encryption and proposes new attacks on Camellia key schedule. By injecting one byte random fault into the r-1th round left register or the the r-1th round key, after solving 8 equations to recover 5 or 6 propagated differential fault of the rth round left register, 5 or 6 bytes of the rth equivalent subkey can be recovered at one time. Simulation experiments demonstrate that about 16 faulty ciphertexts are enough to obtain Camellia-128 key, and about 32, 24 ciphertexts are required to obtain both Camellia-192/256 key with and without FL/FL-1 layer respectively. Compared with the previous study by ZHOU Yongbin et. al. by injecting one byte fault into the rth round left register to recover 1 equivalent subkey byte and obtaining Camellia-128 and Camellia-192/256 with 64 and 96 faulty ciphertexts respectively, our attacks not only extend the fault location, but also improve the fault injection efficiency and decrease the faulty ciphertexts number, besides, our DFA model on Camellia encryption can be easily extended to DFA on Camellia key schedule case, while ZHOU’s can not. The attack model proposed in this paper can be adapted into most of the block ciphers with S-boxes. Finally, the contradictions between traditional cryptography and implementation attacks are analyzed, the state of the art and future directions of the DFA on Block ciphers with S-boxes are discussed

Survey and Benchmark of Block Ciphers for Wireless Sensor Networks

Cryptographic algorithms play an important role in the security architecture of wireless sensor networks (WSNs). Choosing the most storage- and energy-efficient block cipher is essential, due to the facts that these networks are meant to operate without human intervention for a long period of time with little energy supply, and that available storage is scarce on these sensor nodes. However, to our knowledge, no systematic work has been done in this area so far.We construct an evaluation framework in which we first identify the candidates of block ciphers suitable for WSNs, based on existing literature and authoritative recommendations. For evaluating and assessing these candidates, we not only consider the security properties but also the storage- and energy-efficiency of the candidates. Finally, based on the evaluation results, we select the most suitable ciphers for WSNs, namely Skipjack, MISTY1, and Rijndael, depending on the combination of available memory and required security (energy efficiency being implicit). In terms of operation mode, we recommend Output Feedback Mode for pairwise links but Cipher Block Chaining for group communications

An analysis and a comparative study of cryptographic algorithms used on the internet of things (IoT) based on avalanche effect

Ubiquitous computing is already weaving itself around us and it is connecting everything to the network of networks. This interconnection of objects to the internet is new computing paradigm called the Internet of Things (IoT) networks. Many capacity and non-capacity constrained devices, such as sensors are connecting to the Internet. These devices interact with each other through the network and provide a new experience to its users. In order to make full use of this ubiquitous paradigm, security on IoT is important. There are problems with privacy concerns regarding certain algorithms that are on IoT, particularly in the area that relates to their avalanche effect means that a small change in the plaintext or key should create a significant change in the ciphertext. The higher the significant change, the higher the security if that algorithm. If the avalanche effect of an algorithm is less than 50% then that algorithm is weak and can create security undesirability in any network. In this, case IoT. In this study, we propose to do the following: (1) Search and select existing block cryptographic algorithms (maximum of ten) used for authentication and encryption from different devices used on IoT. (2) Analyse the avalanche effect of select cryptographic algorithms and determine if they give efficient authentication on IoT. (3) Improve their avalanche effect by designing a mathematical model that improves their robustness against attacks. This is done through the usage of the initial vector XORed with plaintext and final vector XORed with cipher tect. (4) Test the new mathematical model for any enhancement on the avalanche effect of each algorithm as stated in the preceding sentences. (5) Propose future work on how to enhance security on IoT. Results show that when using the proposed method with variation of key, the avalanche effect significantly improved for seven out of ten algorithms. This means that we have managed to improve 70% of algorithms tested. Therefore indicating a substantial success rate for the proposed method as far as the avalanche effect is concerned. We propose that the seven algorithms be replaced by our improved versions in each of their implementation on IoT whenever the plaintext is varied.Electrical and Mining EngineeringM. Tech. (Electrical Engineering

Further Improved Differential Fault Analysis on Camellia by Exploring Fault Width and Depth

In this paper, we present two further improved differential fault analysis methods on Camellia by exploring fault width and depth. Our first method broadens the fault width of previous Camellia attacks, injects multiple byte faults into the rth round left register to recover multiple bytes of the rth round equivalent key, and obtains Camellia-128,192/256 key with at least 8 and 12 faulty ciphertexts respectively; our second method extends fault depth of previous Camellia attacks, injects one byte fault into the r-2th round left register to recover full 8 bytes of the rth round equivalent key, 5-6 bytes of the r-1th round equivalent key, 1 byte of the r-2th round equivalent key, and obtains Camellia-128,192/256 key with 4 and 6 faulty ciphertexts respectively. Simulation experiments demonstrate: due to its reversible permutation function, Camellia is vulnerable to multiple bytes fault attack, the attack efficiency is increased with fault width, this feature greatly improves fault attack’s practicalities; and due to its Feistel structure, Camellia is also vulnerable to deep single byte fault attack, 4 and 6 faulty ciphertexts are enough to reduce Camellia-128 and Camellia-192/256 key hypotheses to 222.2 and 231.8 respectively

An overview of memristive cryptography

Smaller, smarter and faster edge devices in the Internet of things era demands secure data analysis and transmission under resource constraints of hardware architecture. Lightweight cryptography on edge hardware is an emerging topic that is essential to ensure data security in near-sensor computing systems such as mobiles, drones, smart cameras, and wearables. In this article, the current state of memristive cryptography is placed in the context of lightweight hardware cryptography. The paper provides a brief overview of the traditional hardware lightweight cryptography and cryptanalysis approaches. The contrast for memristive cryptography with respect to traditional approaches is evident through this article, and need to develop a more concrete approach to developing memristive cryptanalysis to test memristive cryptographic approaches is highlighted.Comment: European Physical Journal: Special Topics, Special Issue on "Memristor-based systems: Nonlinearity, dynamics and applicatio

Multiple Bytes Differential Fault Analysis on CLEFIA

This paper examines the strength of CLEFIA against multiple bytes differential fault attack. Firstly, it presents the principle of CLEFIA algorithm and differential fault analysis; then, according to injecting faults into the rth,r-1th,r-2th CLEFIA round three conditions, proposes three fault models and corresponding analysis methods; finally, all of the fault model and analysis methods above have been verified through software simulation. Experiment results demonstrate that: CLEFIA is vulnerable to differential fault attack due to its Feistel structure and S-box feature, 5-6,6-8,2 faults are needed to recover CLEFIA-128 based on the three fault models in this paper respectively, multiple byte faults model can greatly improve the attack practicality and even the attack efficiency, and the fault analysis methods in this paper can provide some fault analysis ideas on other block ciphers using S-box

Fault-propagation Pattern Based DFA on SPN Structure Block Ciphers using Bitwise Permutation, with Application to PRESENT and PRINTcipher

This paper proposes a novel fault-propagation pattern based differential fault analysis method - FPP-DFA, and proves its feasibility on SPN structure block ciphers using bitwise permutation, such as PRESENT and PRINTcipher. Simulated experiments demonstrate that, with the fault model of injecting one nibble fault into the r-2th round substitution layer, on average 8 and 16 faulty samples can reduce the master key search space of PRESENT-80/128 to $2^{14.7}$ and $2^{21.1}$ respectively, and 12 and 24 effective faulty samples can reduce the master key search space of PRINTcipher-48/96 to $2^{13.7}$ and $2^{22.8}$ respectively; with the fault model of injecting one nibble fault into the r-3th round substitution layer, 8 samples can reduce the master key search space of PRINTCipher-96 to $2^{18.7}$